Date: Fri, 8 May 2015 19:39:47 +0300 From: Aleksey Cherepanov <lyosha@...nwall.com> To: john-dev@...ts.openwall.com Subject: Re: [core john] [Johnny] Windows event loop Mathieu, On Fri, May 08, 2015 at 09:57:29AM -0400, Mathieu Laprise wrote: > Important info from one of my last message : > > > On Windows (tested on 8.1), Johnny can't terminate cleanly the main(and > > only) process of JtR(equivalent of unix sigterm). So, start attack/pause > > attack don't work. However, if we use the windows equivalent of SIGKILL, it > > works. > > From the Qt documentation, > > On Windows, QProces::terminate() posts a WM_CLOSE message to all toplevel > > windows of the process and then to the main thread of the process itself. Console > > applications on Windows that do not run an event loop, or whose event loop > > does not handle the WM_CLOSE message, can only be terminated by > > calling kill(). However, kill() doesn't give you a chance to do some > > cleanup. > > > I continued working on this and read A LOT of websites about this problem > and tried a lot of solutions. Here is for example one site that talks about > this issue > http://stackoverflow.com/questions/813086/can-i-send-a-ctrl-c-sigint-to-an-application-on-windows > > Core-John handles CTRL_C events nicely. However, Qt sends WM_Close message > with Process::terminate() which isn't working with console application that > don't have windows. > > I don't seem to find a clean solution that works. So here are those that > works so far, but I prefer to warn you in case you don't want to accept > that kind of workarounds in your code. > > Solution 1 and 2 allows cleanup(it's like sigterm on unix) > > Solution 1) This requires modifications to john. On Windows, for > john_main_process, create a invisible window, and an event loop on a > separate thread which will forward WM_CLOSE event to a function in john. > I've done a prototype(not in john) and this solution works. It may work if Johnny will be bundled with modified john and Johnny does not support other versions. > Solution 2) Do like the guy named Shakta on stackoverflow. This doesn't > require changes on John. On johnny, use AttachConsole(johnProcessId); > GenerateConsoleCtrlEvent() > and send a CTRL_BREAK to john. The problem is that we receive it too and > it'll kill Johnny. So that's why we create a simple software Helper.exe > with those 3 lines. We'll launch it and it will send the signal for us. > This works, I've tested it too, the details are in Shakta stackoverflow's > answer. Cons : we have a new executable that will be called by johnny. I found that solution too, in the same stackoverflow question. I think it may be a good solution among others. On Windows, you'll find people with old john. So using of a patch may be an option then to make things clearer for newer versions. But for older versions, you need the solution, I guess. If you AttachConsole(), can't you just send Ctrl-C? Though it is not clear to me: does CTRL_BREAK make john to save state on exit? Or is it just a way to kill the process? > Solution 3) Send QProcess::kill() but that doesn't give the chance for John > to cleanup and Solar said it's important. John writes cracked hashes every N minutes. These N minutes will be lost. The N is set in john.conf . It may be big or not. They said that usually N = 10 minutes. Johnny make modify the config to make john to write more often. Though it may hurt performance I am pretty sure that you've tried `taskkill` without /f to kill john from cmd. It did not work, right? Thanks! -- Regards, Aleksey Cherepanov
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.